Responsible Disclosure Policy
Sharktech takes security very seriously for our clients, our services, and our staff. If you are a security researcher and have discovered a vulnerability in our web site or services, we appreciate your help in disclosing this to us in a responsible manner.
Sharktech will engage with security researchers when vulnerabilities are reported to us in accordance with this Responsible Disclosure Policy. We will validate, respond and fix vulnerabilities in accordance with our commitment to security and privacy. We won’t take legal action against those who discover and report security vulnerabilities in accordance with this Responsible Disclosure Policy. Sharktech reserves all of its legal rights in the event of any noncompliance.
Responsible Disclosure helps increase security for ourselves and the community as a whole. Please follow the guidelines below:
- • Do not disclose a bug or vulnerability on public notice boards, mailing lists or other public forums, prior to Responsible Disclosure and an appropriate opportunity for it to be fixed.
- • Do not utilize an exploit to view data without authorization or compromise the confidentiality or availability.
- • Do not perform an attack that would impact the reliability / availability of services. DDoS/Spam attacks are not allowed.
- • Do not use scanners or automated tools to find vulnerabilities. They can have unintended consequences or impact.
- • Make a good faith effort to avoid privacy violations as well as destruction, interruption or segregation of our services.
- • Do not modify or destroy data that does not belong to you.
- • Never attempt non-technical attacks, such as social engineering, phishing or physical attacked against our employees or infrastructure.
- • Allow Sharktech an opportunity to correct a vulnerability within a reasonable time frame before publicly disclosing the identified issue, in order to ensure that Sharktech has developed and thoroughly tested a solution.
How to Report an Issue
Please email bugreport [at] sharktech [dot] net to report any security vulnerabilities. We will acknowledge receipt of your vulnerability report the next business day and strive to send you regular updates about our progress. If you're curious about the status of your disclosure please feel free to email us again.
If reporting vulnerabilities, please include:
- • Suspected vulnerability.
- • Steps to enable us to reproduce the issue.
- • Your email address and secure mechanism to contact you.
- • Your name (and/or colleagues) if you would like to be recognized.
At Sharktech’s discretion, you may be eligible for monetary compensation for your efforts.